topic Re: getting error message while trying to telnet to rhel 5.2 server in Operating System - Linux

getting error message while trying to telnet to rhel 5.2 server

Aabarnam — Fri, 18 Feb 2011 12:41:10 GMT

dear all

when i am trying to telnet into a rhel 5.2 server i am getting the following error message.

getnameinfo: localhost: Success
Temporary failure in name resolution: illegal seek
Connection to host lost:

But if i am putting the client ip address entry in /etc/hosts file, it is working fine. I am also not able to login using root while telnetting into the same machine. Please give me the reason why i am not able to login using root through telnet and also give solution for the above problem.

Regards
Aabarnam.S

Re: getting error message while trying to telnet to rhel 5.2 server

Matti_Kurkela — Sun, 20 Feb 2011 13:18:55 GMT

Reverse DNS lookup failure.

When you're telnetting to your server, the telnetd process on the server only sees the IP address of the client. It needs to convert it to a hostname to write the proper session records to /var/run/utmp and /var/log/wtmp. So it must find a name that corresponds to the client's IP address. This is called a "reverse DNS lookup".

Telnetting as root is prevented by the pam_securetty PAM module: since you're not logging in from the system console, using the "root" account to login is not allowed. You must use your personal user account to log in, and then use "su", "sudo" or equivalent command to get root access.

Using telnet to log in as root is very bad practice in two ways:
- The telnet protocol is not encrypted, so anyone listening to the network traffic can easily capture your root password.
- If more than one person knows the root password, there will be no record to identify which of them logged in. If your system is in a bank, a phone company or in some other way involved with people's personal information, money or other vital things, this is likely to be a clear violation of legal requirements (failure of accountability, who-did-what-when). If your system is not that important, it still allows one sysadmin to blame another for his/her own mistakes.

If you use SSH instead of telnet, logging in as root is allowed by RHEL 5.2 defaults. While it's still a bad practice, at least it isn't so horribly insecure as using telnet.

MK

Re: getting error message while trying to telnet to rhel 5.2 server

Aabarnam — Sun, 20 Feb 2011 14:51:49 GMT

Hai

thanks for the reply.

Is there any ways to disable the reverse DNS lookup or we have to add all the client's IP address to /etc/hosts file.

Aabarnam

Re: getting error message while trying to telnet to rhel 5.2 server

Matti_Kurkela — Mon, 21 Feb 2011 08:09:45 GMT

Instead of adding all your clients to /etc/hosts, have your DNS server administrator fix the reverse DNS records (record type PTR). Since they are completely separate from regular A records, many DNS administrators may neglect keeping them up-to-date.

There are several free tools and scripts for updating the reverse DNS records automatically - but since they are not always applicable to all sites and situations, they are often not integrated to the DNS server itself, and the DNS administrator must specifically install/enable them if s/he wants to use them.

MK